Threat detected - Malicious site blocked

If the tool I suggested did not solve it, I have a definitive solution: Kaspersky Rescue Disk 10. Some viruses and malicious applications can make the operating system slow and even prevent it from booting. For this situation, we can use rescue disks, which include antivirus software and tools able to copy files from the hard disk to devices such as USB flash drives.

Kaspersky Rescue Disk lets us access the computer's files when the operating system is already compromised by viruses and other malware. In addition, the tool includes the virus-scanning engine of the well-regarded Kaspersky Anti-Virus 2013, which can be updated while it is running.

I recommend downloading it from the manufacturer's site, which is more trustworthy. Do not download from Baixaki; it is a source of viruses. I have heard several recent reports from users complaining about viruses and problems in the files, most of them being fake antivirus.

https://support.kaspersky.com/4162

Download the file and burn it to a CD or DVD, using Nero to write it as an ISO image.

Here is a step-by-step guide on how to use the tool:

http://www.youtube.com/watch?v=lgASt0Pa28c

http://www.superdownloads.com.br/imagens/telas/kaspersky-rescue-disk-129201,2.jpg

Regards.

Hi essexboy,

Thank you for helping me :slight_smile:

I did exactly what you told me to do, and here are the files you asked.

You can talk in English with me, don't worry about translation.

You can talk in English with me, don't worry about translation.
Phew my Portuguese is on par with my Mandarin...

Let me know if this stops the alerts … It should

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=bf6cb260-560d-4370-bb00-3400eaf81667&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=bf6cb260-560d-4370-bb00-3400eaf81667&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=bf6cb260-560d-4370-bb00-3400eaf81667&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://hgw4y.updateseguromob.com/ye0xowrtd0j.win
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=bf6cb260-560d-4370-bb00-3400eaf81667&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=bf6cb260-560d-4370-bb00-3400eaf81667&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-523984095-2543953926-3448830638-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=bf6cb260-560d-4370-bb00-3400eaf81667&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Essexboy, I think it worked !! I LOVE YOU MAN!

Take a look at the log.

YOU ROX my friend !!

Thank you so much ;D :smiley: :wink: 8) ::slight_smile:

I thought so. The problem was in the BHOs/add-ons; very few malware tools are adept at looking there, hence none of them found it.

Run OTL and press the cleanup button to remove the programme. Keep safe.
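The entries removed by the fix script above have a regular shape, so a log in that shape can be triaged mechanically. The following is an added example, not part of the thread and not OTL's own code: the `triage` function, the regular expressions and every value in `SAMPLE_LOG` are constructed for illustration, and the line shapes are assumed from the entries quoted on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the shape of the OTL entries quoted in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{11111111-1111-1111-1111-111111111111}: "URL" = http://search.example.invalid/?affid=1&q={searchTerms}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q={searchTerms}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.example.invalid/proxy.win
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\..\SearchScopes,DefaultScope = {11111111-1111-1111-1111-111111111111}
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - No CLSID value found.
O2 - BHO: (Example Helper) - {44444444-4444-4444-4444-444444444444} - C:\Program Files\Example\helper.dll (Example Corp)
O3 - HKLM\..\Toolbar: (no name) - {33333333-3333-3333-3333-333333333333} - No CLSID value found.
"""

# IE settings: either  key: "ValueName" = data   or   key,ValueName = data
IE_LINE = re.compile(r'^IE - (?P<key>.+?)(?:: "(?P<qname>[^"]+)"|,(?P<name>[^=]+?)) = (?P<value>.+)$')
# BHO (O2) / toolbar (O3) registrations whose CLSID no longer resolves to a file
ORPHAN = re.compile(r'^(?P<kind>O[23])(?::64bit:)? - (?P<where>.+?): \(no name\) - '
                    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$')


def triage(log_text):
    """Group suspicious browser entries: orphaned COM registrations,
    proxy auto-config (PAC) URLs, and hosts that IE search settings point to."""
    findings = {"orphaned": [], "proxy_pac": [], "search_hosts": {}}
    for line in map(str.strip, log_text.splitlines()):
        m = ORPHAN.match(line)
        if m:
            findings["orphaned"].append((m["kind"], m["where"], m["clsid"].upper()))
            continue
        m = IE_LINE.match(line)
        if not m:
            continue  # well-formed BHO lines and anything else are not flagged here
        name = (m["qname"] or m["name"]).strip()
        value = m["value"].strip()
        is_url = value.lower().startswith(("http://", "https://"))
        if name.lower() == "autoconfigurl":
            # A PAC URL lets a remote script choose the proxy for browser traffic.
            findings["proxy_pac"].append((m["key"], value))
        elif is_url:
            findings["search_hosts"].setdefault(urlsplit(value).hostname, []).append(name)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```

Any host listed under `search_hosts` or `proxy_pac` still has to be judged by a person; the script only groups the entries so the review is quicker.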

Good afternoon,

I have the same problem as Lamec.

For days my Avast has been showing the same notification over and over: “O Módulo de Rede do Avast bloqueou um site nocivo” (Avast's Network Shield has blocked a harmful site).
My Avast is up to date (Avast FREE version 7.0.1474) and so are the virus definitions (version 121125-1).

Can you please help me?

I look forward to your reply,

Re

@recm

Download OTL to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

I did as told.
But I still have the same problem.
The records follow.

Sorry for the translation.
Tks.

Let me know if this stops it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BR&userid=a13261b5-48bf-4e31-9dc2-8f4923264bae&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BR&userid=a13261b5-48bf-4e31-9dc2-8f4923264bae&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BR&userid=a13261b5-48bf-4e31-9dc2-8f4923264bae&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BR&userid=a13261b5-48bf-4e31-9dc2-8f4923264bae&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BR&userid=a13261b5-48bf-4e31-9dc2-8f4923264bae&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (no name) - {95525BD9-6136-4A26-8263-9CEE295D442D} - No CLSID value found.
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\..\Toolbar\WebBrowser: (no name) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1770027372-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Essexboy,

My version of OTL is 3.2.69.0 and does not have the “include 64bit scans” option. What do I do?

The 64 bit option will only appear for 64bit systems

So what do I do?

I did everything you said.
But the problem continues.

The log follows.

Essexboy,

I can’t get or open other web pages.
I’m waiting for you to tell me what to do.

Thank you.

What error do you get when you try to open a web page?

I cannot open any page.

And the initial problem remains. It keeps detecting threats.

And now Internet Explorer is freezing.

Time for the big boy

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

The log follows (is this all I have to send?)
I think it worked, because I am no longer getting the malicious site blocking message.

Thank you very much. You are very dear. And I’m sorry for the inconvenience.

Regiane.

Not a problem. Combofix found the DLL that I could not see in the other log. How is the computer behaving now?
